Certified Information Systems Auditor (CISA) — Question 411
Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply?
Answer options
- A. Impact assessment
- B. Control self-assessment (CSA)
- C. Risk classification
- D. Risk identification
Correct answer: A
Explanation
The Impact assessment is crucial for management as it evaluates the potential consequences of risks, guiding them on how much mitigation is necessary. Control self-assessment (CSA), Risk classification, and Risk identification are important but do not provide the direct insights into the impact that help in determining the level of risk mitigation to apply.